Keyword: usoj_proxy.bcw
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This online banking Trojan modifies an affected system's proxy settings and adds a malicious root certificate to allow information theft at the network level. These behaviors are seen in malware used
following additional components to properly run: LoadLibrary.dll NOTES: It will listen to the following port in which it serves as a way before responding a connection: 1533 It provides the following proxy
Trojan runs only when the day is Wednesday. It checks for the system's proxy settings by querying registry with the following value name: ProxyEnable ProxyServer AutoConfigURL It can also bypass proxy. It
Information Theft This backdoor gathers the following data: Host Name IP address of affected Machine Proxy server settings (registry, file: prefs.js) Password stored by Internet Explorer NOTES: It may connect
CVE-2008-2939 Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and
CVE-2010-0010 Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a
CVE-2005-4466 Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute
CVE-2007-5355 The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad
Other Details This Backdoor does the following: It attempts to connect to its C&C using the following methods: Via Configured Proxy Via Web Proxy Auto-Discovery Protocol Via Internet Explorer Proxy Via
drops the following component file(s): %User Temp%\{Computer Name}.txt - also detected as BAT_BANKER.ZIP (contains proxy settings) (Note: %User Temp% is the current user's Temp folder, which is usually C:
websites. It acts as a proxy server to allow remote malicious user to use the affected systems to hide their identities when performing malicious activities. Arrival Details This backdoor may be dropped by
This backdoor acts as a proxy server that intercepts requests from certain Internet browsers and points them to the proxy server on port 63414. It monitors certain strings in the address bar of the
{random characters} It posts the following information to its command and control (C&C) server: Computer name Local IP address Proxy server IP and port Malware ID Dropped by other malware Compromises system
}o.jp.ftp.sh/FGK1187.jsp It posts the following information to its command and control (C&C) server: Computer name Local IP address Proxy server IP and port Malware ID Dropped by other malware Compromises system security
backdoor executes the following commands from a remote malicious user: Creates a proxy connection Gather information from past created proxy connection Close socket of proxy connection Modify its added
address proxy server (and port) NOTES: This malware is loaded by TROJ_LOADER.FEKI. It connects to the following website to download from the C&C: http://whois.{BLOCKED}online.com/help={random number
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies registry entries to disable various system